DPM can backup a variety of workloads as SQL, SharePoint, Exchange, Hyper-V VMs, File Servers, among others. While doing so, DPM creates an initial replica of the data, and takes the following backups incrementally, optimizing Storage and Network resources. However, at times, due to the large size of the Data-source, the initial replication over the network may consume a lot of time and network resources. In such cases, it is suggested that the Initial Replica be created manually to save on these.

In this blog, our guest, Heyko Oelrichs talks about how the initial replication can be performed with SC 2016 DPM with Modern Backup Storage.

With DPM 2016 we’ve changed the whole architecture how DPM stores its backup data. Our new storage model, called Modern Backup Storage (MBS), utilizes VHDX files to store its backup data and removed the use of physical disks, overallocation and the need of colocation of workloads. (For more information about MDS check out Introducing DPM 2016 Modern Backup Storage.)

This redesign changed the procedure for manually creating initial replicas, also called pre-seeding or pre-staging, with DPM 2016 and MBS. In DPM 2016 we’re no longer creating “real” replica volumes that are always accessible.

If you select to create the initial replica manually, e.g. when your protected workload is only available through a small WAN link, you will need to perform some additional steps to mount the replica VHDX.

Here we’ll show you how to do this step-by-step:

• When adding a new datasource to protection, select “Manually” in the “Choose Replica Creation Method” dialog in the create/modify Protection Group wizard.

• This results in a new protected datasource with the status: Manual replica creation pending

• To figure out the Replica Path select the datasource and click on “Click to view details” next to “Replica path”.

• This opens a new dialog window “Details of Replica Path” where you’ll find the Source and Destination Path of your Datasource.

• Copy the path and save it in a notepad. It’ll look like the following.E: on DPM2016TP5-01.contoso.local C:Program FilesMicrosoft System Center 2016DPMDPMVolumesReplica31d8e7d7-8aff-4d54-9a45-a2425986e24cd6b82768-738a-4f4e-b878-bc34afe189eaFullE-Vol

• The first part of the copied string is the source. The second part, separated by a whitespace, is the destination. The destination contains the following information:

DPM Install Folder          C:Program Files[..]DPMVolumesReplica

Physical ReplicaID          31d8e7d7-8aff-4d54-9a45-a2425986e24c

Datasource ID                   d6b82768-738a-4f4e-b878-bc34afe189ea

Path                                        FullE-Vol

At this point, the replica is not mounted. If you look at the mountpoint from a command prompt or in Explorer, it will not be shown. It’s empty.

To mount this replica, you’ll need to run some PowerShell commands to manually mount the replica VHDX before you’re able to copy data.

First of all select your protection group:

$pg = Get-DPMProtectionGroup | ? Name -eq 'DPM DBs'

The next step is selecting the correct Datasource in your Protection Group:

$ds = Get-DPMDatasource -ProtectionGroup $pg | ? name -eq 'ReportServer'

Now you are able to mount the replica volume:

Start-DPMManualReplicaCreation -Datasource $ds 

The last command mounted the Replica VHDX-file so the initial replica data can be copied to it.

Note, leave your session opened to re-use $ds later to dismount the VHDX-file.

Now you can see the mounted drive in the already known destination path:

The replica volumes contain the expected folder structure:

Now you can start to copy your workload data to the mounted replica volume. In our example case these are SQL database and logfiles. You’ve to set this database offline to be able to copy these files.

You’ve to keep the original folder structure. What this means is shown in the following example:

Our Database Files are stored in

E:Microsoft SQL ServerMSSQL12.MSSQLSERVERMSSQLDATAReportServer.mdf

That means that we’ve to copy the data to the following destination path:

C:Program FilesMicrosoft System Center 2016DPMDPMVolumesReplica

31d8e7d7-8aff-4d54-9a45-a2425986e24cd6b82768-738a-4f4e-b878-bc34afe189ea

FullE-VolMicrosoft SQL ServerMSSQL12.MSSQLSERVERMSSQLDATAReportServer.mdf

When you’re done you have to dismount the volume by using the following ps command.

Stop-DPMManualReplicaCreation -Datasource $ds

This dismounts the Replica Volume VHDX File:

Replica volume for datasource ReportServer dismounted successfully. Run a consistency check job to start scheduled backups.

The final step is to run a consistency check:

Start-DPMDatasourceConsistencyCheck -Datasource $ds

Normal backups will be taken once the replica is healthy.

Hope this blog helps you perform manual replica creation with ease.

Olá Comunidade TechNet Wiki!

Hoje é terça-feira, dia de Artigo Spotlight!

E o destaque de hoje vai para Comando em Lotes para Adicionar ou Remover Usuários dentro de Grupos (dsget group – FOR /F “delims=*”)

Criado pelo Colaborador FABIOFOL

Today’s Tip…

Most of you have had the chance to check out the Surface Studio. Now check out the Surface Dial! Surface Dial is a completely new way to interact with technology and create in the most natural, immersive way. Store, customize, access, navigate, and reimagine physical tools in the digital world – from concept to creation. Don’t have the Surface Studio yet? No worries. You can use it on your Surface Book and Surface Pro 4 while you wait!

Surface Dial, a new input peripheral designed for the creative process that integrates with Windows and is complimentary to other input devices like pen. It gives developers the ability to create unique multi-modal experiences that can be customized based on context. The APIs work in both Universal Windows Platform (UWP) and Win32 apps.

Reference:

• “Surface Dial interactions” – https://msdn.microsoft.com/en-us/windows/uwp/input-and-devices/windows-wheel-interactions
• “Kevin Gallo gives the developer perspective on today’s Windows 10 Event” – https://blogs.windows.com/buildingapps/2016/10/26/kevin-gallo-gives-the-developer-perspective-on-todays-windows-10-event/?ocid=blogfy17_soc_yt_null_null_1026kg#w4zdIMhAcKFuMzxQ.97
• “Surface Dial” – https://www.microsoft.com/en-us/surface/accessories/surface-dial

Microsoft-Sicherheitsforscher beobachten kontinuierlich weltweite Ransomware-Kampagnen, die wahllos Ziele treffen. Wenig überraschend ist es, dass diese Kampagnen immer noch E-Mails und das Web als primären Angriffsmechanismus verwenden. Außerdem sieht es so aus, dass viele Unternehmen nur zum Opfer werden, weil sie zufällig in das weitgespannte Netz von Ransomware-Betreibern geraten. Im Gegensatz zu Cyber-Spionagegruppen setzen Ransomware-Betreiber keine typischen Spezialtaktiken ein, um gezielt Unternehmen anzugreifen.

Obwohl willkürliche Ransomware-Angriffe ähnlich wie koordinierte Malware-Infektionen funktionieren, rechtfertigen die erheblichen Kosten durch eine breite Ransomware-Attacke die Überlegungen einer Defense-in-Depth-Strategie mit mehreren Ebenen. Diese decken Schutz, Erkennung und Reaktion ab. Wenn Angriffe die Post-Breach- oder Post-Infection-Ebene erreichen – wenn also Endpunkt-Anti-Malware-Lösungen versagen, eine Ransomware-Infektion zu stoppen –, können Unternehmen von Post-Breach-Erkennungslösungen profitieren, die umfängliche Artefaktinformationen liefern und eine schnelle Pivot-Untersuchung mithilfe dieser Artefakte ermöglichen.

Die Untersuchung von häufig vorkommenden Ransomware-Familien hat gezeigt, dass die Kampagnen zur Verbreitung sich über Tage oder Wochen ziehen können. Währenddessen werden immer wieder ähnliche Dateien und Techniken verwendet. Solange Unternehmen schnell die ersten Infektionsfälle oder den “Patient null” untersuchen können, sind sie in der Lage, Ransomware-Epidemien wirksam zu stoppen. Um diese ersten Fälle schnell zu identifizieren und zu untersuchen, steht Unternehmen Windows Defender Advanced Threat Protection (Windows Defender ATP) zur Seite.

In diesem Beitrag erhalten Sie einen Einblick in eine echte Cerber-Ransomware-Infektion, die einen Unternehmens-Endpunkt während einer Kampagne Ende November 2016 betroffen hat. Dabei wird dargelegt, wie Windows Defender ATP – in Abwesenheit einer Endpunkt-Anti-Malware-Erkennung – die erste Infektionsaktivität kennzeichnen und nachfolgende Infektionen von anderen Geräten stoppen kann.

Verhalten von Cerber-Ransomware erkennen

Die Cerber-Ransomware gehört zu einer der häufigsten Ransomware-Familien, von denen Unternehmen betroffen sind (Bild 1). Während der Weihnachtsfeiertage 2016 kam Cerber verstärkt zum Einsatz. Dies haben Microsoft-Forscher Ende 2016 feststellen können. Die Mitglieder dieser weitverbreiteten Ransomware-Familie ähneln sich nicht nur untereinander, sondern verfügen über Verhaltensweisen, die für alle Malware-Familien typisch sind. Wenn diese Verhaltensweisen erkannt werden, können auch neue Bedrohungen gestoppt werden.

Bild 1: Ransomware-Angriffe auf Unternehmens-Endpunkte.

Realer Cerber-Angriff trifft auf Windows Defender ATP

Die Infektion im November 2016 durch Cerber-Ransomware begann mit einem Dokument, dass in den Download-Ordner über einen Webmail-Client heruntergeladen wurde. Ein Nutzer hat das Dokument geöffnet und ein eingebundenes Makro gestartet. Dieses hat anschließend einen PowerShell-Befehl gestartet, der Komponenten mit dem Ransomware-Payload heruntergeladen hat. Wie in Bild 2 zu erkennen ist, wurde der PowerShell-Befehl von Windows Defender ATP erkannt.

Bild 2: Entdeckung des PowerShell-Befehls.

Windows Defender ATP hat außerdem eine Benachrichtigung erstellt, als das PowerShell-Skript sich über einen öffentlichen Proxy mit einer Website verbunden hat, die durch TOR anonymisiert wurde. Das Skript sollte eine ausführbare Datei herunterladen. Security-Operations-Center-Personal (SOC-Personal) kann diese Benachrichtigungen verwenden, um die Quell-IP zu erhalten und diese IP-Adresse in der Firewall zu blockieren. Damit kann verhindert werden, dass andere Maschinen die ausführbare Datei herunterladen können. In diesem Fall beinhaltete die Datei den Ransomware-Payload.

Bild 3: Die Benachrichtigung über die Verbindung mit der TOR-Website zeigt die Quell-IP-Adresse.

Nach dem der Payload in das Temp-Verzeichnis geladen wurde, wurde er durch einen Parent-cmd.exe-Prozess ausgeführt. Der Payload erstellt im Benutzer-Ordner eine Kopie von sich selbst und startet diese anschließend. Machine-Learning-Algorithmen in Windows Defender ATP waren in der Lage, dieses Selbststart-Verhalten zu erkennen.

Bild 4: Die Ransomware startet eine Kopie von sich selbst und wird dabei von Windows Defender ATP entdeckt.

Bevor die Cerber-Ransomware Dateien verschlüsselte, versuchte sie künftige Versuche der Datenwiederherstellung zu verhindern, indem sie Systemwiederherstellungspunkte und sämtliche Volumenschattenkopien löschte. Diese werden von der Windows-Systemwiederherstellung und Windows Backup and Restore bei der Wiederherstellung verwendet. Dieses feindliche Verhalten hat Windows Defender ATP ebenfalls entdeckt.

Bild 5: Löschung von Volumenschattenkopien.

Breite und Tiefe von Benachrichtigungen ermöglichen einfache Einschätzung und Eindämmung

Windows Defender ATP hat bei der Cerber-Attacke im November 2016 mindestens vier Benachrichtigungen während des Infektionsprozesses erstellt. Damit hat die Lösung breitangelegte Entdeckungsinformationen zur Verfügung gestellt, um eine Berichterstattung über sich ändernde Techniken zwischen Cerber-Version, Beispielen und Infektionsinstanzen sicherzustellen. Microsoft-Sicherheitsforscher haben unterschiedliche Ransomware-Familien untersucht, um die Mechanismen hinter diesen Benachrichtigungen zu erstellen. Dabei haben sie auch übliche Verhaltensmuster identifiziert. Ihre Forschung unterstützen Machine-Learning-Modelle und Verhaltenserkennungs-Algorithmen, die Ransomware in unterschiedlichen Phasen des Angriffs bis hin zu dem Punkt erkennen kann, an dem Opfer Lösegeld zahlen.

Bild 6: Benachrichtigungen, die anderen Angriffsphasen entsprechen.

Jede Benachrichtigung bietet zusätzlichen Kontext zur Attacke. SOC-Personal kann diese Kontextinformationen nutzen, um eine Untersuchung zu beginnen und Einblicke von Endpunkten im Unternehmen zu erhalten. Mithilfe der bereitgestellten Datei und den Netzwerkaktivitätsinformationen können Untersuchungen, die in der Konsole von Windows Defender ATP angestoßen wurden, beweiskräftige Spuren liefern. Dies funktioniert auch, wenn kein tatsächlicher Ransomware Payload ausgeführt wurde.

Um diesen Cerber-Fall zu untersuchen, haben die Microsoft-Forscher den Namen der Payload-Datei – hjtudhb67.exe – verwendet. Dieser ist ungewöhnlich genug, dass er nicht von legitimen ausführbaren Dateien genutzt wird. Eine kurze Suche in der Windows-Defender-ATP-Konsole hat 23 andere Dateien mit dem gleichen Namen hervorgebracht. Diese Dateien wurden verdächtigerweise in einem Zeitraum von rund 10 Tagen erstellt und über die Endpunkte im Unternehmen verteilt. (Dabei ist zu beachten, dass obwohl die meisten dieser Dateien Artefakte der tatsächlichen Infektion sind, einige von ihnen wahrscheinlich Überbleibsel von Tests durch das SOC-Personal sind.)

Bild 7: Instanzen von Dateien mit dem gleichen ungewöhnlichen Namen, der auch von der Ransomware verwendet wurde.

Anschließend haben sich die Forscher mit der Quell-IP befasst, die die Payload-Datei gehostet hat. Bei einer Suche kam heraus, dass sich 10 Maschinen mit dieser IP-Adresse verbunden haben. Eine Blockade dieser Quell-IP am ersten Tag der Infektion über die Unternehmens-Firewall hätte dabei helfen können, zu verhindern, dass die Cerber-Ransomware-Payload-Datei andere Maschinen infizieren konnte.

Fazit: Defense-in-depth mit Windows Defender ATP

In diesem Beitrag konnten Sie sehen, wie Windows Defender ATP dem Unternehmens-SOC-Personal einen Blick auf die Events und das Verhalten der Ransomware-Infektion ermöglicht hat – von der Zeit der ersten Infektion bis zum Installationsprozess. SOC-Personal ist mit der Lösung in der Lage, zu verstehen, wie Ransomware einen Endpunkt erreicht hat, und können mit ihr das Ausmaß des Schadens einschätzen sowie Artefakte identifizieren. Diese können verwendet werden, um weiteren Schaden zu verhindern. Ermöglicht wird dies durch Cloud-Analysen, die regelmäßig nach feindlichen Aktivitäten suchen und diese kennzeichnen – inklusive Hinweise, die durch andere Schutzebenen übersehen werden können.

Mit dem Windows 10 Creators Update wird Windows Defender ATP Verbesserungen erhalten, die unter anderem eine Netzwerkisolation von kompromittierten Maschinen ermöglichen. Das Update wird zusätzlich eine Option enthalten, um Dateien unter Quarantäne zu stellen und zu verhindern, dass Dateien ausgeführt werden.

Windows Defender ATP ist in den Kern von Windows 10 Enterprise integriert und kann ohne zusätzliche Kosten getestet werden.

Windows-10-Sicherheits-Feature gegen Cerber-Ransomware

Windows 10 wurde mit Sicherheitstechnologien entwickelt, die dabei helfen können, die neueste Variante der Cerber-Ransomware zu erkennen.

• Windows Defender ist in der Lage, Cerber-Ransomware als Win32/Cerber zu erkennen. Es spürt auch Dateien auf, die bei der Verteilung der Payload-Datei über E-Mails und Exploit Kits helfen. Boshafte E-Mail-Anhänge werden als TrojanDownloader:O97M/Donoff und RIG Exploit Kits als Exploit:HTML/Meadgive erkannt.
• Für die Sicherheit im Web hilft Microsoft Edge dabei, Exploit Kits daran zu hindern, Ransomware auszuführen. Zudem blockiert SmartScreen Filter mithilfe von URL Reputation den Zugang zu schädlichen Seiten. Dazu gehören beispielsweise Seiten die Exploit Kits hosten.
• Device Guard schützt Systeme vor schädlichen Anwendungen wie Ransomware, indem es einen anpassbaren Katalog von vertrauenswürdigen Anwendungen pflegt und Malware auf Kernel-Ebene mit Sicherheit auf Virtualisierungsebene stoppt.
• AppLocker-Gruppenrichtlinien verhindern das Ausführen von fragwürdiger Software.

Office- und Office-365-Sicherheits-Feature gegen Cerber-Ransomware

Office 365 Advanced Threat Protection blockiert E-Mails, die schädliche Dokumente verteilen und möglicherweise Cerber installieren könnten. IT-Administratoren können mit Office 365 Advanced Threat Protection das Ausführen von schädlichen Makros in Dokumenten sowie das Öffnen von Dokumenten in den Passwort-geschützten Anhängen verhindern, die für gewöhnlich in Cerber-Kampagnen genutzt werden.

Good morning Partners.  I just read a great article talking about Microsoft’s overall approach to security.  Even though the article mentions enterprise security, our approach is truly providing enterprise level security to everyone.  You will want to check it out!  In the article they focus on a few key points:

• Identity is the new security perimeter
• Data is the new currency
• Detection and Response
• “Assumed Breach” Approach

The article is located here:  Modern Thoughts on Modern Enterprise Security: An Interview with Sachin Gupta, Principal Security Evangelist at Microsoft 

Really liked the scenario they outlined in the article:

We face the same adversaries as our customers do, but because of the scale of the technology we build and operate, we capture a massive amount of security related signals and that’s what provides us with glue to connect and integrate security dots together. This in turn provides you with the ability to not only provide for enhanced protection but also the ability to proactively monitor, detect and respond to cyber threats. This to me is a game changer which significantly enhances our ability to disrupt the adversary economic model and playbook. Let me illustrate this with an example. We all know Phishing is still the most common attack vector used by adversaries to infect end user devices by sending weaponized attachment via email.  Think about a scenario where windows defender detects the malicious payload on the end user machine and sends this intelligence to O365. O365 then automatically uses this intelligence to scan and remove emails with the same malicious attachment from the O365 mailboxes. This is truly a game change how the intel from one security capability is used by other in an automated and near real time fashion to help reduce the median time detection and response.

Enjoy! 

Matt Hester
Sr. Partner Technology Strategist
Microsoft SMB&D

Mit „Inside Microsoft“ starten wir ab sofort ein speziell zugeschnittenes Angebot für alle Privatanwender im deutschsprachigen Raum, die sich für Microsoft-Technologien begeistern. Auf der Website inside.ms hat jeder Besucher Zugriff auf spannende und inspirierende Geschichten sowie Tipps und Tricks. Angemeldete Fans erhalten Zugang zu Produkttests oder Events und teilen ihre Erfahrungen mit der Community. Thematisch dreht sich die Seite zum Start hauptsächlich um Windows 10, langfristig adressiert das Programm aber das gesamte Spektrum von Microsoft-Produkten, um eine Heimat für alle Microsoft-Fans zu sein. Voraussetzung für die Teilnahme an „Inside Microsoft“ ist eine einmalige Registrierung auf der Website.

Windows Insider erhalten mit „Inside Microsoft“ eine optimale Ergänzung zum bestehenden Insider Programm. Während Nutzer über das bestehende Insider Programm die aktuellste Windows-Software vorab testen und wertvolles Feedback geben können, um Microsoft bei der Entwicklung zu unterstützen, bietet das neue Fan-Programm den Teilnehmern nun eine Plattform, um sich mit Gleichgesinnten auszutauschen oder auch den persönlichen Kontakt zu Microsoft-Mitarbeitern zu suchen.

Erste Fan-Events finden am 23. Februar in Berlin und am 9. März in München in den jeweiligen Microsoft Deutschland-Niederlassungen statt. Ein besonderes Schmankerl: Registrierte Teilnehmer können Microsofts „Mixed-Reality-Device“ HoloLens vor Ort ausprobieren und sich direkt mit Microsoft-Mitarbeitern austauschen.

„Inside Microsoft“ ist als lebendige Plattform gedacht, die vom gemeinsamen Austausch lebt: Zusammen mit den Fans möchten wir das noch junge Programm sukzessive erweitern. Mit der Plattform wollen wir unseren Kunden zukünftig einen Ort bieten, an dem die Nutzer untereinander spannende Erfahrungen teilen und Ideen austauschen.

 
Ein Beitrag von Vanessa Weihbrecht
Product Marketing Manager Windows Consumer

みなさん、質問です。

ペーパーレスが叫ばれはじめて何年経ったでしょう？

もう忘れましたね。

そして、それでもやっぱり書籍って大事だなと思う今日この頃です。

で、そう思ったきっかけの1つがこちら。

私も執筆者の一人に名を連ねている「Azure テクノロジ入門 2016」 という本があります。

https://www.amazon.co.jp/dp/4822298914

Azureがどんどん進化していく中で、新しいポータルやARMベースの管理基盤もようやく一般的なものになったころに、エバンジェリスト久森とAzure の解説本を出したいねという話をしていて、日経BP出版局さんにお願いしたところ話を快く受け止めていただきました。

実は、最初はAzure 解体新書くらいの本棚を占拠する辞書みたいなのを作りたいなあなんて妄想をしてましたが(笑)、さすがにいきなりはリスクが高いのであきらめました。

代わりに、「そもそもAzureとは？」という新しい書籍がないという課題の共有ができたので、結果として出来上がったのがこの本でした。

難しい本ではないのですが、お陰様で全体を把握するためには良い本だと思っていただけたようで、2度目の増刷もできました。

ご購入いただいた皆さま、本当にありがとうございます！

ちなみに、私はというと、パブリッククラウドAzureに興味を持ってくれた方に漏れなくAzure Stackの存在をアピールしようという魂胆で、Azure Stackの章を担当しました。

Azure Stackの記事は書きなれているので、Tech Summitという大きなイベントを前にあまり多くの時間を割かずに済みましたが、この本に関与できたことはとてもうれしく思いました。

さて、クラウドファースト時代には「Azureを知らずしてAzure Stackを語るべからず」なので、私もあらためてAzure を勉強しています。

そしてまた、この書籍の2017版にも携わることができたら幸いです。

—-

ときれいなことを書きましたが、Azureの全体像を学びたい人は、是非買ってくださいね＾＾

日本マイクロソフト 高添

Details

Note:There are multiple files available for this download.Once you click on the “Download” button, you will be prompted to select the files you need.

• Microsoft System Center Management Pack for Windows Server Cluster 2016
• System Requirements

  Supported Operating System

  Windows Server 2016

  The Windows Server Cluster Management Pack for Operations Manager is designed for the following versions of System Center Operations Manager: • System Center Operations Manager 2016 • System Center Operations Manager 2012 • System Center Operations Manager 2012 SP1 • System Center Operations Manager 2012 R2
• Install Instructions
  See MP Operations Guide.

As always you need to read the Management Pack Guide for all the details; I am only highlighting a few things inside the management pack Guide.

Changes in Version 10.0.6.0

· Fixed issue: resources group view displayed 2012 and 2012 R2 Clusters simultaneously.

· Changed Availability Storage group monitoring logic:

o If the group state was empty or offline, the monitor did not change state to Critical.

o If the group state was in partially online state, the monitor did not change to Warning state.

o If physical disk was in offline state, the monitor did not change state from Healthy to Critical.

· Fixed issue with Network and Network Interfaces discovery in case Cluster Network Interface name was longer than ~40 characters and contained ‘-’ characters.

· Fixed issue: Cluster Resource tasks execution was failing if cluster.exe was not installed.

· Fixed issue: Cluster Network Interfaces were not discovered on Windows Server 2008 Core.

· Fixed issue: Cluster Network Interfaces were not fully discover on Windows Server 2016 Standard.

· Fixed issue: Cluster Network Interfaces were not discovered on Windows Server 2016 Nano.

· Fixed issue: Tasks did not have output on Windows Server 2016 Nano.

· Fixed issue: “Pause Node” and “Resume Node” tasks had unexpected output.

· Added support for resource groups’ tasks with names containing WMI reserved symbols.

· Fixed issue: Cluster Resources were not discovered if the Cluster had File Server role.

· Fixed issue: Cluster Resource groups could not be moved to another node due to failure of “Move Group” task. The logic was changed, see “Move Group” Task Specifics” section.

· Fixed issue: “Check Cluster Group” diagnostic task did not work on Windows Server 2003-2008 R2 platforms without PowerShell, and on Windows Server 2012 and higher without PowerShell and Cluster cmdlets installed.

· Fixed issue: If a cluster object name contained WMI reserved symbols, monitoring of this cluster object did not work.

· Added support for resources with long names (up to 4000 symbols).

· Fixed issue: “10000” warning event occurred on all platforms if the discovery did not return the data.

· Fixed issue: Several resource tasks do not work if Cluster.exe is not installed.

· Updated the display strings.

Supported Configurations

This management pack requires System Center 2012 Operations Manager or later.

The Windows Server Failover Cluster Management Pack for System Center 2012 Operations Manager supports failover clusters on the following configurations:

· Windows Server 2003 operating systems with Service Pack 2 (SP2), Windows Server 2003 R2 operating systems with Service Pack 2 (SP2) on 32-bit and 64-bit servers.

· Windows Server 2008 Enterprise, Windows Server 2008 R2 Enterprise, Windows Server 2008 Datacenter, and Windows Server 2008 R2 Datacenter operating systems on 32-bit and 64-bit servers.

· Windows Server 2012 and Windows Server 2012 R2 all editions.

· Windows Server 2016 all editions.

This management pack is also supported on the Server Core installation option of the Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 operating systems and Windows Server 2016.

This management pack is also supported on the Nano Server installation option of the Windows Server 2016.

This management pack requires installation of the latest version (10.0.8.0) of BaseOS 2016 management pack.

NOTE: The Windows Server Failover Cluster Management Pack for System Center 2012 – Operations Manager is not supported on the Windows Server 2008 R2 Web and Standard operating systems because the Cluster service is not supported on these editions.

Before You Import the Management Pack

Before you import the Windows Server Failover Cluster Management Pack, note the following limitations of the management pack:

· Agentless monitoring is not supported.

· All cluster nodes must have an Operations Manager Agent installed.

Before you import the Windows Server Failover Cluster Management Pack, take the following actions:

· Ensure that System Center Operations Manager is installed.

· You must import the Windows Server 2016 Operating System Management Pack.

· Download and import the following up-to-date management packs from the Windows Server 2016 Operating System Management Pack:

o Microsoft.Windows.Server.Library.mp

o Microsoft.Windows.Server.2008.Discovery.mp

o Microsoft.Windows.Server.2003.mp

o Microsoft.Windows.Server.2016.Discovery.mp

· Enable the Agent Proxy setting on all agents that are installed on servers that are members of a cluster.

WARNING: Discoveries and monitoring will not function unless proxy is enabled.

If you have version 6.0.6277.0 of the Windows Server 2003 Cluster Management Pack

If you have installed the Windows Server 2003 Cluster Management Pack 6.0.6277.0, remove the following management pack files prior to importing this management pack:

· Microsoft.Windows.2003.Cluster.Management.Monitoring

· Microsoft.Windows.2003.Cluster.Management.Library

· Microsoft.Windows.Cluster.Management.Monitoring

· Microsoft.Windows.Cluster.Management.Library

NOTE: · If you have any other version of the Windows Server Failover Cluster Management Pack, you can upgrade the management pack without performing the previous steps.

· An in-place upgrade is supported for Windows Server 2003 Cluster Management Pack versions 6.0.6277.1 and higher.

Details

Note:There are multiple files available for this download.Once you click on the “Download” button, you will be prompted to select the files you need.

• Microsoft System Center 2016 Management Pack for Windows Storage Spaces Direct
• System Requirements

  Supported Operating System

  Windows Server 2016

  The Windows Storage Spaces Direct Management Pack for Operations Manager is designed for the following versions of System Center Operations Manager: • System Center Operations Manager 2016
• Install Instructions
  See MP Operations Guide.

Supported Configurations

This management pack is designed for the following versions of System Center Operations Manager:

· System Center Operations Manager 2016

A dedicated Operations Manager management group is not required.

The following table details the supported configurations for Microsoft Windows Server 2016 Storage Spaces Direct Management Pack:

Prerequisites

This management pack has the following dependencies:

· Data Warehouse Library

· Instance Group Library

· Microsoft System Center Library

· Microsoft System Center Visualization Component Library

· Microsoft System Center Visualization Configuration Library

· Microsoft System Center Visualization Library

· Microsoft Windows Library

· Performance Library

· System Health Library

· System Library

· System Software Library

· Windows Cluster Library

Known Issues

· Alerts regarding S2D scripts’ failures may occur in SCOM. Such failures may be caused by collisions occurring due to absence of the Cluster Resource object, while the object’s rediscovery has not been completed in SCOM yet.

· If any workflows work unexpectedly, it may be related to absence or belated occurring of the required WMI events.

Ahead of the Industry’s annual security gathering at the RSA conference next week, today Principal Program Manager Lead for Surface Hub, Paul Barr, walks us through the top Defense-in-Depth strategies behind the design of Microsoft’s Surface Hub. As a communal device, the engineering team had the challenge of maintaining the Surface Hub user friendly and ready-to-use multi-media experience without compromising on security.

In today’s Microsoft Mechanics demo bench video, Paul explores potential attack vectors to illustrate Surface Hub’s security strategies at the level of the physical hardware, operating system, apps as well as the data level.

While we hope that you take the time to watch Paul’s full overview, let’s summarize some of the highlights of the overall approach.

Defense at the physical hardware level

As Paul demonstrates, an important security measure taken at the physical hardware level is the enforcement of secure-boot. This starts with the removable solid-state drive (SSD) which is keyed to the Trusted Platform Module (TPM) chip on the motherboard.

This approach ensures that if someone tries to inject new code onto the SSD, or if they to switch it out for a different SSD, the Surface Hub will not boot up. Surface Hub importantly also has a custom, locked-down Unified Extensible Firmware Interface (UEFI) with no user interface or API. This provides extra protection from secure boot being disabled. In fact, only genuine Windows Operating Systems will run on the Surface Hub.

Defense at the OS and app levels

At the OS and app levels, notable highlights in Paul’s demonstration focus on the safeguarding of app installation to ensure that only approved applications can run on the Surface Hub. Users of Surface Hub by default are standard users. In order to prevent random apps from being installed, device administrator accounts privileges are required to install apps. These apps can only be Universal Windows Apps (UWP) apps, which have been authorized for use with Surface Hub in the Windows Store. UWP apps are sandboxed by design. Device Guard with Windows 10 prevents non-UWP apps from executing on the Hub and blocks scripts or any unapproved executables that may be brought in via USB or the internet.

Also, as Paul shows, peripherals attached to Surface Hub cannot invoke installation of out-of-box device drivers and non-compliant devices are blocked at run-time.

Defense at the data level

Surface Hub balances the need to keep user sessions active in case participants briefly leave and return to Surface Hub, with the need to remove data and reset the device for new user sessions. The design takes into consideration the risk of data loss from an abandoned session and the risk of subsequent user sessions having access to residual user data on Surface Hub.

The Hub’s engineering team has designed the experience so that you have to take deliberate action to end each session with Surface Hub. Pressing the “I’m Done” button or starting a new session resets the Surface Hub device for the next user.

Once the user presses “I’m Done”, all information from the session, including browser history, user files and even files copied to the Surface Hub’s file system are deleted. Further, all UWP apps are uninstalled and reinstalled, and any credentials are cleared out. As an extra precaution at the end of each day, during the maintenance window specified by IT, the Surface Hub will automatically reset itself and wipe all remaining content (if any) from previous sessions, so that the Hub is ready and in a clean state for the next day.

This covers just a few of the highlights of the top defense in depth strategies behind the design of Microsoft’s Surface Hub discussed in today’s Microsoft Mechanics episode but it’s worth checking out Paul’s richer demonstration for a more comprehensive overview.

You can also learn more in our admin guide and for more in the series on Surface Hub design, experience and management, please subscribe to Microsoft Mechanics
and follow us on @MSFTMechanics for further commentary.

There’s an easier way to get the help you need to develop Azure apps and accelerate the path to app certification. Check out the Cloud App Dev technical journey to access 3 new technical consultations, now available to Microsoft Partner Network competency partners. Within these consultations, you’ll receive personalized, one-on-one guidance from a Microsoft expert, who will dive deeper into your app solution with you.

Check out these new app development technical consultations for Azure!

XAMARIN STARTER KIT CONSULTATION – Discover how to build and design cross-platform Xamarin Cloud Applications by receiving planning tools and guidance on common Xaramin scenarios. Participate in a one-on-one consultation with a Microsoft expert, who will help you build a proof-of-concept to develop mobile apps that scale and accelerate your application build from start to finish. You’ll gain an understanding of cost estimation for your app, reference architecture documentation and sample application builds.

API DEVELOPMENT CONSULTATION – Advance your custom-built applications by receiving personalized guidance and recommendations for API integrations with Azure REST Management API. Engage in a one-on-one session with a Microsoft expert and receive a customized review for an existing deployment plan as well as architecture guidance and prototyping for using API integrations. Within your consultation, you’ll learn how the Partner Center REST API can help you integrate existing CRMs with Microsoft systems. Additionally, we’ll teach you how to use API Management to publish, manage, secure and analyze APIs in minutes.

DEVELOPER MARKETPLACES CONSULTATION – Generate new revenue streams by understanding the technical requirements and steps required to deploy and monetize your application on Microsoft Marketplaces. During this personalized one-to-one session, a Microsoft expert will provide you with an overview of marketplaces and make custom recommendations on where to place your application within Marketplaces. You will receive architecture guidance for deploying your application on the marketplace as well as best practices for common support incidents.

Get started on your Application Development technical journey as you plan, build, and operate apps on Azure at http://aka.ms/AppDevAzure!

Don’t stop there! Additional services are available across each Microsoft Cloud + Enterprise practice area to ensure you have the technical presales and deployment help you need. Discover how to leverage the entire technical journey today at https://aka.ms/BuildIntelligentCloud.

[현상 요약]

Office 365 관리자는 쉐어포인트 온라인 쉘을 이용하여 기본적으로 1TB로 할당되어 있는 비즈니스용 원드라이브 용량을 5TB 까지 늘릴 수 있습니다.

그런데 아래와 같이 줄이는 것은 되는데, 늘리는 것이 안되는 현상이 발생할 수 있습니다.

[원인 또는 해결 방법]

이 현상의 원인은 여러가지가 있을 수 있습니다만, 만약 쉐어포인트 온라인 쉘을 실행하는 O365 관리자가 쉐어포인트 라이선스를 가지고 있지 않을 때 이러한 현상이 발생할 수 있습니다.

먼저 관리자 계정이 쉐어포인트 라이선스를 가지고 있는지 확인이 필요합니다.

그리고 또 한가지, 이렇게 쉐어포인트 라이선스를 가지고 있지 않는 관리자 계정에 지금 라이선스를 부여해도 문제가 해결되지 않습니다. 아래와 같이 쉐어포인트 라이선스를 가진 상태에서 관리자로 승격시켜주어야 이후부터 정상동작 합니다.

1. admin1 은 전역관리자로 실제 라이선스는 없는 계정입니다

2. admin1을 일반 사용자로 바꿉니다

3. admin1 에게 E3 라이선스(쉐어포인트 라이선스가 포함된) 를 부여합니다

4. admin1 을 전역 관리자로 바꿉니다.

[주의 사항]

본 블로그에 게시된 정보의 내용 (첨부 문서, 링크 등)은 작성일 현재 기준이며 예고없이 변경 될 수 있습니다.

또한, 참고용으로만 제공됨으로 Microsoft에 책임이 없음을 알려 드립니다. 반드시 적용 전 충분한 테스트를 진행하시기 바랍니다.

2016年4月にご案内をさせていただきました12のコンピテンシーの終了につきまして再度ご案内をさせていただきます。

提供終了コンピテンシーをお持ちのパートナー様におかれましては、すでにクラウド コンピテンシーへの移行をお済ませのパートナー様、また、移行に向けてご準備をいただいているパートナー様も多くいらっしゃるかと思いますが、再度、ご自身の会社で取得されているコンピテンシーをご確認いただき必要な対応をいただけますようお願いいたします。

【提供終了予定コンピテンシー】

• Customer Relationship Management (CRM) コンピテンシー
• Devices and Deployment コンピテンシー
• Digital Advertising コンピテンシー
• Distributor コンピテンシー
• Hosting コンピテンシー
• Identity and Access コンピテンシー
• Intelligent Systems コンピテンシー
• Learning コンピテンシー
• Midmarket Solution Provider コンピテンシー
• OEM competency コンピテンシー
• Software Asset Management コンピテンシー
• Volume Licensing コンピテンシー

現在、上記コンピテンシーのみをお持ちのパートナー様は、現在有効なMPN契約の満了をもってネットワークメンバーとなってしまいますので、契約満了前に継続予定のコンピテンシーを取得いただけますようお願いいたします。

＊ネットワークメンバーで更新した場合、コンピテンシー特典で提供している特典の利用ができなくなります。

【パートナー様向けリソース】

◆ MPN Evolutionページ： 今回のコンピテンシー変更に関するWebサイト

◆コンピテンシー変更に関する説明動画：本変更についての説明動画　（2016年５月時点の情報）

◆ MPN Evolution コンピテンシーガイド： パートナー様のビジネスプロファイルに適した将来設計にお役立ていただけます。

◆ MPN Evolution よくあるご質問：今回のコンピテンシー変更に関するFAQ

◆ パートナーメンバーシップセンター： 契約終了日やコンピテンシーの状況をご確認いただけます。

◆ マイクロソフト 認定プログラム事務局： 本件を含めパートナープログラム全般についてサポートする窓口です

こんにちは。日本マイクロソフト Office サポート チームです。

Office 製品のインストールに失敗する場合の一般的な対応方法として、下記のサイトでいくつかの方法をご案内しています。

今回は Office 製品のインストールに失敗したときの切り分け方法のひとつをご紹介いたします。

タイトル : Office 365、Office 2016、Office 2013 のインストールのトラブルシューティング
URL : https://support.office.com/ja-jp/article/Office-36535ff2def-e0b2-4dac-9784-4cf212c1f6c2?ui=ja-JP&rs=ja-JP&ad=JP

手順

1. 下記のフォルダーがあるかどうかを確認します。

C:WindowsSystem32TasksMicrosofOffice

2. Office フォルダーがなかった場合には、手動で Office フォルダーを作成します。

解説

Office 製品は、一部の機能をタスク スケジューラーによってタスクを実行することで管理します。
このため、インストール工程では、タスク スケジューラーへのタスク登録処理が行われます。
Office 製品のインストール時にタスクの登録が実行されたときに、手順 1 の場所に Office フォルダーが見つからないためにエラーが返って失敗することがありますが、上記の手順で回避することができます。

Office のインストールに失敗した時、切り分け方法のひとつとして試してみてはいかがでしょうか？

※補足
C:WindowsSystem32Tasks フォルダーには、タスクスケージューラー内部で使用するデータが保存されます。

– 注意事項
本情報の内容 (添付文書、リンク先などを含む) は作成日時点でのものであり、予告なく変更される場合があります。

『Forza Horizon 3』マンスリー カー パック 第 5 弾「Playseat カー パック」配信開始。
「Playseat カー パック」には、オーストラリアの伝説のレーシング ドライバー、ピーター・ブロックの HDT VK Commodore Group A、ツインターボチャージ 5.2 リッター V12 エンジンを搭載した Aston Martin DB11、キャデラックのハイパフォーマンス クーペ Cadillac ATS-V、日本国内でも限定発売され直ぐに完売となった Honda Civic Type R やモータースポーツで培った当時の技術が注ぎ込まれた名車 Honda S800 など、合計 7 車種を収録。オーストラリアのオープン ロードを駆けよう。
『Forza Horizon 3』のカー パックは、2017 年 3 月 まで毎月配信され、各カー パックを個別に購入することも、カー パスで 6 つのカー パック、合計 42 台を入手することができます。

「Playseat カー パック」収録車種

1985 HDT VK Commodore Group A

2017 Aston Martin DB11

2016 Honda Civic Type R

1970 Honda S800

2016 Cadillac ATS-V

2016 Vauxhall Corsa VXR

1990 Renault Alpine GTA Le Mans

「Playseat カー パック」収録車種

• 1985 HDT VK Commodore Group A
• 2017 Aston Martin DB11
• 2016 Honda Civic Type R
• 1970 Honda S800
• 2016 Cadillac ATS-V
• 2016 Vauxhall Corsa VXR
• 1990 Renault Alpine GTA Le Mans

• Forza Horizon 3 Playseat Car Pack
• カー パス
• Forza Horizon 3 体験版 (Xbox One)
• Forza Horizon 3 体験版 (Windows 10)
• Forza Horizon 3 製品ページ

So you want to learn more about the security capabilities in Office 365? You’ve come to the right place! Below is a list of resources that will provide you with a good foundational knowledge of the various advanced security workloads in Office365. Stay tuned as I will update this list periodically.

Offerings:

Office 365 Secure Productive Enterprise

Getting Started:

Address your CXO’s top five cloud security concerns

Take control of your security and compliance with Office 365

Learn how Office 365 security and compliance leverages intelligence in a cloud first world

Secure Office 365 like a cybersecurity pro—assessing risk and implementing controls

Own your data with next generation access control technology in Office 365

General Data Protection Regulation (GDPR)

How Does Microsoft IT Secure Office 365?

Keep calm and automate: How we secure the Office 365 service

Office 365 Secure Score:

Introducing the Office 365 Secure Score

Learn about Office 365 Secure Score: actionable security analytics

Advanced Threat Analytics:

Learn how Microsoft Advanced Threat Analytics combats persistent threats

Plan and deploy Microsoft Advanced Threat Analytics the right way

Advanced Security Management:

https://myignite.microsoft.com/videos/39789

Advanced Threat Protection:

Learn about advancements in Office 365 Advanced Threat Protection

Data Loss Prevention:

Protect your sensitive information with Office 365 Data Loss Prevention

Customize and tune Microsoft Office 365 Data Loss Prevention

Developer:

Building security and compliance solutions with the O365 Activity API – a Microsoft IT case study

Identity:

Deliver management and security at scale to Office 365 with Azure Active Directory

Secure your Active Directory to mitigate risk in the cloud

Exchange:

Implement Microsoft Exchange Online Protection

Get an edge over attackers – what you need to know about email threats

Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam emails

Learn about advancements in Office 365 Advanced Threat Protection

Azure Information Protection:

Adopt a comprehensive identity-driven solution for protecting and sharing data securely

Mobile Devices:

Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune

Deliver a BYOD program that employees and security teams will love with Microsoft Intune

Manage BYOD and corporate-owned devices with MDM solutions

Secure Android devices and apps with Microsoft Intune

Encryption:

Challenge cloud encryption myths and learn about Office 365 BYOK plans

Windows Defender Advanced Threat Protection:

Detect and respond to advanced and targeted attacks with Windows Defender ATP

The Microsoft partner program is ever-evolving, as we consider how we can help partners keep up with changing customer needs. Last year, we refreshed the list of competencies that we offer in the Microsoft Partner Network, to better align competencies to cloud- and mobility-based solutions. In 2016, we also announced changes to the performance and technical requirements for a few competencies, and many of those changes have now taken effect.

If your company is preparing for competency renewal, or if you’re working toward attaining a new competency, take a look at the summary of changes below, and then visit the competency’s page online to review all of the requirements in full. At the bottom of this post, I’ve recommended some additional resources that can help you meet your competency goal, whether it is for attaining a new competency or completing your renewal on time.

Small and Midmarket Cloud Solutions Competency

The performance requirements have changed from seats sold to net new Office 365 customers.

Small and Midmarket Cloud Solutions competency page

Cloud Productivity Competency

• Exams and certifications options have been consolidated
• Education (EDU) free SKUs count toward performance requirements
• New Learning Partner Option available to attain this competency
• New Distributor Option available to attain this competency

Cloud Productivity competency page

Cloud Platform Competency

• New Learning Partner Option available to attain this competency
• New Distributor Option available to attain this competency
• New Hosting Option available to attain this competency

For the Hosting Option, market thresholds have changed, and are as follows:

Silver Hosting Option market thresholds

US$100,000 Services Provider License Agreement (SPLA) and/or Azure Consumption Revenue via Cloud Solution Provider (CSP) program in trailing 12 months

Gold Hosting Option market thresholds

US$500,000 Services Provider License Agreement (SPLA) and/or Azure Consumption Revenue via Cloud Solution Provider (CSP) program in trailing 12 months, of which US$15,000 must be from Azure CSP revenue

Cloud Platform competency page

Enterprise Mobility Management Competency

The performance requirements now include customer adds and active entitlements.

Silver performance requirements

You must meet one of these two requirements definitions:

• Have added 3 new EMS customers and deployed 500 active entitlements of any one or combination of the eligible components (entitlements) of Enterprise Mobility Suite (EMS): Microsoft Intune, Azure Information Protection, or Azure Active Directory Premium (AADP) within the last 12 months. Seats must be paid licenses of EMS, Microsoft Intune, or AADP to count towards seat requirements. Trial or free seats are not applicable.
• Have added 20 new EMS customers and deployed 125 active entitlements of any one or combination of the eligible components (entitlements) of Enterprise Mobility Suite (EMS): Microsoft Intune, Azure Information Protection, or Azure Active Directory Premium (AADP) within the last 12 months. Seats must be paid licenses of EMS, Microsoft Intune, or AADP to count towards seat requirements. Trial or free seats are not applicable.

Gold performance requirements

You must have added 5 new EMS customers and deployed 4,000 active entitlements of any one or combination of the eligible components (entitlements) of Enterprise Mobility Suite (EMS): Microsoft Intune, Azure Information Protection, or Azure Active Directory Premium (AADP) within the last 12 months. Seats must be paid licenses of EMS, Microsoft Intune, or AADP to count towards seat requirements. Trial or free seats are not applicable.

Enterprise Mobility Management competency page

Cloud Customer Relationship Management Competency

The performance requirements have changed from seats sold to net new revenue.

Silver performance requirements

Partner must have a minimum of $100,000 of new revenue within the last 12 months. Includes Dynamics 365 new billed license revenue within the last 12 months, all purchase types excluding recurring revenue. See the list of eligible Dynamics solutions

Gold performance requirements

Partner must have a minimum of $300,000 of new revenue within the last 12 months. Includes Dynamics 365 new billed license revenue within the last 12 months, all purchase types excluding recurring revenue. See the list of eligible Dynamics solutions

Cloud Customer Relationship Management competency page

Communications Competency

The Technical Assessment for Skype Operations Framework is required for both Silver and Gold levels.

Communications competency page

Collaboration and Content Competency

Updated or new exams are required to meet requirements.

Collaboration and Content competency page

Project and Portfolio Management Competency

Updated or new exams are required to meet requirements.

Project and Portfolio Management competency page

Competency resources

• Renew your benefits and accelerate your business growth – tips for a smoother competency renewal process
• Competency information: membership qualification and membership renewal
• If you’re working toward a new cloud competency, you can nominate your company for support from the Cloud Enablement Desk
• Support options

MPN 101: Updates about MPN and Partner Resources

Watch this video online

While reviewing a comment on Missed call notification when the call is blocked by CallerIDBlock MSPL Script we realize that the calls blocked by the CallerIDBlock are hard to track.

An easy way to get an event for each blocked call is to use the Log function:

MSPL built-in functions > Log
https://msdn.microsoft.com/en-us/library/office/dn439170.aspx

The CallerIDBlock previous version (1.1) sends the log to the debug log, to view this log we need the APILogger.exe. For more details please check:

Deploying and Troubleshooting Lync Server 2010 MSPL Applications
https://blogs.technet.microsoft.com/nexthop/2012/03/14/deploying-and-troubleshooting-lync-server-2010-mspl-applications/

However, the MSPL Log function has the ability to send it to the Event Viewer.

Since we may not want to have the Event Viewer full of events, we added a new .config file:

CallerIDBlock.config

The file can be changed on-the-fly like the BlockedTelephoneNumbers.txt. This means that we don’t need to reload the script if we want to change the log setting.

For reference, the following code was change from:

To:

Here is an example if we configure the log setting to rejected:

We can also set it to both, then the CallerIDBlock will also log the allowed calls:

Note: We only recommend to the setting both for troubleshooting purposes.

The CallerIDBlock v1.2 can be downloaded from TechNet Gallery:

MSPL: Blocking Calls on Lync Server/Skype for Business 2015 Based on CallerID
https://gallery.technet.microsoft.com/MSPL-Blocking-Calls-on-e6d52de9

This post is mainly for those who want to achieve email sending from SharePoint Designer Workflows. (If you don’t want to read through all the drama, jump directly to the Falling Action section.)

Exposition

In an enterprise environment developing SharePoint Workflows on the production environment might not be the best thing you can do. Of course if you are a superuser and you are developing a workflow for your small team, it might still be a solution, but if your solution is business critical… Well… You might wish to have some kind of Application Lifecycle Management (ALM) for your workflow.

( Don’t Be Afraid )

Rising action

With the introduction of SharePoint 2013 Microsoft introduced the interchangeability feature between SharePoint Designer and Visio 2013 Professional. What does it mean? It means that you are able to create your Workflow in Visio 2013, then import it into SharePoint Designer and the other way around. Sounds fancy, but what does it really mean to us?

Climax

It means two things:

1. One does not need to be a SharePoint superuser to be able to create a business logic that is to be implemented in SharePoint.
2. One can port their precious Workflows between environments with ease.

Too good to be true, you say? Well… Indeed there are some things you need to keep in mind.

Act 1

First and foremost, the SharePoint 2013 style Workflows are bound to GUIDs. This post’s target audience is the superusers so I won’t go into the details on why and where. When porting your Workflow between DEV, TEST, UAT and PROD environments, you have to use the same GUID for :

• the actual list where you deploy your workflow to,
• the Workflow History List,
• the Workflow Task List.

Also, you have to make sure that:

• the association scope between the SharePoint site and the Workflow Manager farm is different, because that’s another GUID.

Act 2

So let’s put it together. What steps do I need to make this thing work?

1. Create the basic structure of your solution in your DEV environment, including the
   • List(s) that you will use to store your data
   • Workflow History List
   • Workflow Task List
2. Port your list to the other environments (TEST, UAT and PROD). For this you can use
   • Content Database transfer
   • SharePoint solution that deploys the above lists with the same GUID throughout the environments. (This is the option you have to choose when you are in a Hybrid scenario, as you cannot just port the ContentDB to SharePoint Online.)
3. Have your Business Champ create the Workflow in Visio 2013. (This is an optional step, if you are the Site Administrator and you know what you want to achieve.)
4. Import the saved Workflow into SharePoint Designer – or create your own if you skipped Step 3 – and bound it to the List. Map the fields and do whatever other modifications are needed to make the Workflow working in SharePoint.
5. Export the Workflow from SPD.
6. Copy the VSDX file to your other environments.
7. Import the VSDX file in your other environments and bound them to the same lists.
8. Enjoy your solution.

Act 3

Doing it once is not a big deal, since ALM is all about constant changes and updates, right? Yes, exactly. The beauty is that from this point whatever modification you do in your DEV environment can be easily ported to your other farms.

Those of you who paid attention so far might have noticed that I did not mention the columns so far. Indeed I did not, because the GUID of the columns are irrelevant. Only the internal name matters. How cool is that?

When you do subsequent export-imports between the environments, you will get a nice warning window in SharePoint Designer, reminding you that the VSDX file that you are about to import contains an update to an existing Workflow and asks you if you want to update it. Of course you do, since this is exactly why we are here, no? Of course we are.

Falling Action

The above described action works just fine with SP2010 and SP2013 style Workflows as well. It works with on-prem and in the Cloud. It even works if you port stuff between your on-prem sites into your Cloud sites. (Pay attention to the requirement about the GUIDs…)

Life is good. ( I feel good )

Dénouement

As you can see, the built-in SharePoint Workflow infrastructure is flexible enough to implement an Application Lifecycle Management easily. For how long? That we do not know, as – at the time of the writing of this post – Microsoft has no clear statement of the future of the built-in Workflow infrastructure, the only thing we know is both the 2010 and 2013 style Workflows are deprecated.

One thing we know for sure though. Future is the Cloud after all.

( Blue skies )

Feb

8

Script Download:
The script is available for download from https://gallery.technet.microsoft.com/How-to-retrieve-Azure-5a3d3751.

The sample code demonstrates how to retrieve Azure Virtual Machine Operating System name by PowerShell.

You can find more All-In-One Script Framework script samples at http://aka.ms/onescriptingallery